MDKSA-2004:006

Problem description

Stefan Esser discovered a number of vulnerabilities in the gaim
instant messenger program, versions 0.75 and earlier. Thanks to
Jacques A. Vidrine for providing initial patches.

Multiple buffer overflows exist in gaim 0.75 and earlier: an overflow
when parsing cookies in a Yahoo web connection; YMSG protocol
overflows when parsing the Yahoo login webpage; a YMSG packet
overflow; flaws in the URL parser; and flaws in the HTTP Proxy
connect (CAN-2004-006).

A buffer overflow exists in gaim 0.74 and earlier in the Extract Info
Field function used by the MSN and YMSG protocol handlers
(CAN-2004-007).

An integer overflow in gaim 0.74 and earlier, when allocating memory
for a directIM packet, results in a heap overflow (CAN-2004-0008).
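
The integer-overflow class described for the directIM packet allocation, shown as an added C example that is not gaim's code and not part of the original advisory. The 4-byte big-endian length header, `MAX_PAYLOAD` and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD (64u * 1024u)   /* assumed policy limit, not from gaim */

/* Size the flawed pattern requests: peer-supplied 32-bit length + 1 for a
 * terminator. For payload_len == UINT32_MAX the sum wraps to 0. */
static uint32_t unchecked_alloc_size(uint32_t payload_len)
{
    return payload_len + 1u;
}

/* Read the big-endian 32-bit length from the (hypothetical) header. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hardened form: validate the declared length before allocating.
 * Returns 0 and a NUL-terminated copy in *out, or -1 on a bad packet. */
static int copy_payload_checked(const uint8_t *pkt, size_t pkt_len, char **out)
{
    uint32_t declared;
    *out = NULL;
    if (pkt_len < 4) return -1;                        /* truncated header */
    declared = read_be32(pkt);
    if (declared > MAX_PAYLOAD) return -1;             /* rules out the +1 wrap */
    if ((size_t)declared > pkt_len - 4) return -1;     /* more than received */
    *out = malloc((size_t)declared + 1);               /* cannot wrap now */
    if (*out == NULL) return -1;
    memcpy(*out, pkt + 4, declared);
    (*out)[declared] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed packet: declared length 0xFFFFFFFF, one byte of data. */
    const uint8_t pkt[] = { 0xff, 0xff, 0xff, 0xff, 'A' };
    char *copy;

    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(read_be32(pkt)));
    printf("checked parser: %d\n", copy_payload_checked(pkt, sizeof pkt, &copy));
    return 0;
}
```

A zero-byte allocation followed by a copy of the declared length is what turns the arithmetic wrap into a heap overflow; the checked parser rejects the packet before any allocation happens.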